SSL flaw could allow hijacking of 'secure' Web sessions

By Chris Paoli

Sep 21, 2011

Two security researchers say they've uncovered a serious flaw in the Secure Sockets Layer (SSL) cryptographic protocol that could allow a hijacker to take control of a user's session from a specific Web site.

"We present a new fast block-wise chosen-plaintext attack against SSL/TLS," wrote Rizzo, in an announcement of the pair's upcoming demonstration. "We also describe one application of the attack that allows an adversary to efficiently decrypt and obtain authentication tokens and cookies from HTTPS requests. Our exploit abuses a vulnerability present in the SSL/TLS implementation of major Web browsers at the time of writing."

Rizzo said that if this vulnerability is perfected, an attacker could have the unwanted code installed and executed in as short as 10 minutes on an unsuspecting user's system.

What makes this vulnerability unique is that it allows an attacker to bypass Web certificates to initiate phishing, man-in-the-middle attacks or spoofed Web content -- an action that was widely thought to be unable to do.

"It is worth noting that the vulnerability that BEAST exploits has been presented since the very first version of SSL," said Duong, in an interview with security Web site ThreatPost. "Most people in the crypto and security community have concluded that it is non-exploitable, that's why it has been largely ignored for many years."

While newer versions (1.1 and 1.2) of the Transport Layer Security (TLS) cannot be taken advantage of from this exploit, most Web browsers, including Chrome and Firefox, still only support the older, vulnerable version 1.0.

For the team of Rizzo and Duong, this isn't their first high-profile security discovery -- the two were responsible for discovering a bug in the default encryption mechanism used to protect the cookies in ASP.NET last year, which led to an out-of-band patch.

SSL vulnerabilities have been found before. In 2009, security researcher Dan Kaminsky demonstrated exploits against SSL at the Black Hat Briefings in Las Vegas. Earlier this year, other exploits were demonstrated at Black Hat conferences in Las Vegas and Washington, D.C.